Anyone had a chance to look at this?  I would really appreciate any help
someone offers.

Thanks,

--
Peter Barton
NetProtec

-------- Original Message --------
Subject: OpenSSL FIPS 140-2 Compliant
From: <pbar...@netprotec.com>
Date: Sat, July 26, 2014 10:15 am
To: openssl-users@openssl.org

I am attempting to compile a current version of OpenVPN against an
OpenSSL-1.0.1h source that I compiled calling the OpenSSL-fips-2.0.5
module. I created libssl.a and libcrypto.a and I have been trying,
unsuccessfully, to compile the OpenVPN-2.3.4 calling these libraries. I
am far from an expert in doing this so I was wondering if anyone else
could help me with this? My lack of expertise in this is most likely the
problem, but here is what I have done so far.

I have added a direct call to FIPS_mode_set() in the following files:
openvpn.c, openvpnapi.c, crypto.c and ssl.c

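#ifdef OPENSSL_FIPS
    /* Enter FIPS mode when options.no_fips is not set (<= 0). */
    if (options.no_fips <= 0)
    {
        if (!FIPS_mode_set(1))
        {
            /* FIPS_mode_set() failed: print the OpenSSL error queue and abort. */
            ERR_load_crypto_strings();
            ERR_print_errors_fp(stderr);
            exit(1);
        }
        else
            fprintf(stderr, "*** IN FIPS MODE ***\n");
    }
#endif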

I then ran ./configure OPENSSL_FIPS=1 as well as set an environment
variable of OPENSSL_FIPS=1.

Once the configure script finished I ran: make CC=fipsld FIPSLD_CC=gcc

The make ran for quite a while then errored out with the following:

/bin/bash ../../libtool --tag=CC --mode=link fipsld -g -O2 -o openvpn
base64.o buffer.o clinat.o crypto.o crypto_openssl.o crypto_polarssl.o
dhcp.o error.o event.o fdmisc.o forward.o fragment.o gremlin.o helper.o
httpdigest.o lladdr.o init.o interval.o list.o lzo.o manage.o mbuf.o
misc.o platform.o console.o mroute.o mss.o mstats.o mtcp.o mtu.o mudp.o
multi.o ntlm.o occ.o pkcs11.o pkcs11_openssl.o pkcs11_polarssl.o
openvpn.o options.o otime.o packet_id.o perf.o pf.o ping.o plugin.o
pool.o proto.o proxy.o ps.o push.o reliable.o route.o schedule.o
session_id.o shaper.o sig.o socket.o socks.o ssl.o ssl_openssl.o
ssl_polarssl.o ssl_verify.o ssl_verify_openssl.o ssl_verify_polarssl.o
status.o tun.o win32.o cryptoapi.o ../../src/compat/libcompat.la -lnsl
-lresolv -llzo2 -lssl -lcrypto -ldl
libtool: link: fipsld -g -O2 -o openvpn base64.o buffer.o clinat.o
crypto.o crypto_openssl.o crypto_polarssl.o dhcp.o error.o event.o
fdmisc.o forward.o fragment.o gremlin.o helper.o httpdigest.o lladdr.o
init.o interval.o list.o lzo.o manage.o mbuf.o misc.o platform.o
console.o mroute.o mss.o mstats.o mtcp.o mtu.o mudp.o multi.o ntlm.o
occ.o pkcs11.o pkcs11_openssl.o pkcs11_polarssl.o openvpn.o options.o
otime.o packet_id.o perf.o pf.o ping.o plugin.o pool.o proto.o proxy.o
ps.o push.o reliable.o route.o schedule.o session_id.o shaper.o sig.o
socket.o socks.o ssl.o ssl_openssl.o ssl_polarssl.o ssl_verify.o
ssl_verify_openssl.o ssl_verify_polarssl.o status.o tun.o win32.o
cryptoapi.o ../../src/compat/.libs/libcompat.a -lnsl -lresolv -llzo2
-lssl -lcrypto -ldl
diff: .sha1: No such file or directory
No such file or directory
fingerprint mismatch
make[3]: *** [openvpn] Error 1
make[3]: Leaving directory `/usr/local/src/openvpn-2.3.2/src/openvpn'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/local/src/openvpn-2.3.2/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/openvpn-2.3.2'
make: *** [all] Error 2

I have asked this same question in the OpenVPN-dev email list but since
this error only happens when I make using the CC=fipsld option I figured
I would ask here as well.

I hope this is not overly verbose, but I believe it is all relevant. If
someone can help me out with the error and let me know if I am on the
correct path I would really appreciate it.

Thank you,

--
Peter Barton
NetProtec
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org